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Claims 

1 . A method for providing access to personal information, the method comprising the 
steps of: 

5 receiving, by an electronic device, a request for access to the personal 

information, the request originating from an entity external to the electronic device; 

providing the external entity with cryptographically protected access 
information allowing the entity access to the personal information existing within a 
personal database also existing external to the electronic device. 

10 

2. The method of claim 1 wherein the step of providing the external entity with the 
cryptographically protected access information comprises the step of providing the 
external entity with a token, the token comprising information taken from the group 
consisting of: 

15 

• an identification label for an element within the database, 

• a type of action to be performed on the database, 

• an identity of a requesting party, 

• a validity period, and 

20 • a digital signature or message authentication code that certifies the token's 

authenticity and integrity. 



3. The method of claim 1 wherein the database is controlled by a user of the 
electronic device. 

25 

4. The method of claim 1 wherein the database is controlled by an owner of the 
personal information. 
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5. The method of claim 1 wherein the database and the electronic device is controlled 
by an owner of the personal information. 
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6. The method of claim 1 wherein the step of providing the external entity with 
cryptographically protected access information allowing the entity access to the 
personal information comprises the step of providing the external entity with a token 
allowing the entity to read the personal information. 

5 

7. The method of claim 1 wherein the step of providing the external entity with 
cryptographically protected access information allowing the entity access to the 
personal information comprises the step of providing the external entity with a token 
allowing the entity to write personal information into the database. 
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8. A method for providing access to personal information, the method comprising the 
steps of: 

receiving, on an electronic device, a request for the personal information, the 
request originating from an entity external to the electronic device; 
15 providing a personal database, external to the electronic device, with 

cryptographically protected access information instructing the database to forward the 
personal information to the external entity. 

9. The method of claim 8 wherein the step of providing the personal database with the 
20 cryptographically protected access information comprises the step of providing the 

database with a token, the token comprising information taken from the group 
consisting of: 

• an identification label for an element within the database, 
25 • a type of action to be performed on the database, 

• an identity of a requesting party, 

• a validity period, and 

• a digital signature or message authentication code that certifies the token's 
authenticity and integrity. 
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1 0. The method of claim 8 wherein the database is controlled by a user of the 
electronic device. 

1 1 . The method of claim 8 wherein the database is controlled by an owner of the 
5 personal information. 

12. The method of claim 8 wherein the database and the electronic device is 
controlled by an owner of the personal information. 

10 13. The method of claim 8 wherein the step of providing the database with 

cryptographically protected access information comprises the step of providing the 
database with a token allowing the external entity to read the personal information. 

14. The method of claim 8 wherein the step of providing the database with 

15 cryptographically protected access information allowing the entity access to the 
personal information comprises the step of providing the database with a token 
allowing the entity to write personal information into the database. 

15. An electronic device comprising: 

20 an authorization manager receiving a request for the personal information, the 

request originating from an entity external to the electronic device and verifying the 
requestor of the personal information as legitimate; and 

a token generator, providing either an external database or the external entity 
with cryptographically protected access information instructing the database to 

25 forward the personal information to the external entitv. 

16. The apparatus of claim 15 wherein the cryptographically protected access 
information comprises a token comprising information taken from the group 
consisting of: 
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• an identification label for an element within the database, 

• a type of action to be performed on the database, 



15 



• an identity of a requesting party, 

• a validity period, and 

• a digital signature or message authentication code that certifies the token's 
authenticity and integrity. 

5 17. The method of claim 15 wherein the database is controlled by a user of the 
electronic device. 



18. The method of claim 15 wherein the database is controlled by an owner of the 
personal information. 
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